Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

33 advisories

Loading
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library High
GHSA-gmhj-xjfh-cf6m was published for github.com/mohammed90/caddy-ssh (Go) Sep 23, 2022
porcupineyhairs
Rancher generated tokens not revoked after modifications made to authentication provider High
GHSA-c45c-39f6-6gw9 was published for github.com/rancher/rancher (Go) Jan 25, 2023
SFTPGo vulnerable to recovery codes abuse High
CVE-2022-36071 was published for github.com/drakkan/sftpgo/v2 (Go) Sep 16, 2022
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication High
CVE-2022-39219 was published for github.com/brokercap/Bifrost (Go) Sep 27, 2022
tarihub
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server High
CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go) Feb 15, 2022
qianjunakasumi
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
TiDB authentication bypass vulnerability High
CVE-2022-31011 was published for github.com/pingcap/tidb (Go) Jun 6, 2022
Bifrost vulnerable to authentication check flaw that leads to authentication bypass High
CVE-2022-39267 was published for github.com/brokercap/Bifrost (Go) Oct 18, 2022
Improper Authentication in Capsule Proxy High
CVE-2022-23652 was published for github.com/clastix/capsule-proxy (Go) Feb 23, 2022
enj
Unauthenticated control plane denial of service attack in Istio High
CVE-2022-23635 was published for istio.io/istio (Go) Feb 23, 2022
AdamKorcz howardjohn
Token reuse in Ory fosite High
CVE-2020-15222 was published for github.com/ory/fosite (Go) May 24, 2021
go.etcd.io/etcd Authentication Bypass High
CVE-2018-16886 was published for go.etcd.io/etcd (Go) Apr 12, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25834 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Traefik Missing Authentication High
CVE-2018-15598 was published for github.com/traefik/traefik (Go) May 13, 2022
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled High
CVE-2023-43809 was published for github.com/charmbracelet/soft-serve (Go) Oct 2, 2023
JJGadgets
Authentication bypass vulnerability in navidrome's subsonic endpoint High
CVE-2023-51442 was published for github.com/navidrome/navidrome (Go) Dec 19, 2023
crazygolem
Account compromise in Evmos High
CVE-2022-24738 was published for github.com/tharsis/evmos (Go) Mar 7, 2022
colin-axner
kyverno verifyImages rule bypass possible with malicious proxy/registry High
CVE-2022-47633 was published for github.com/kyverno/kyverno (Go) Dec 21, 2022
slashben
Improper Authentication in HashiCorp Vault High
CVE-2021-3282 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
Access Restriction Bypass in go-ldap High
CVE-2017-14623 was published for github.com/go-ldap/ldap (Go) Feb 15, 2022
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
RobotsAndPencils go-saml authentication bypass vulnerability High
CVE-2023-48703 was published for github.com/RobotsAndPencils/go-saml (Go) Aug 5, 2024
ProTip! Advisories are also available from the GraphQL API